
WAGO: Remote Code Execution Vulnerability in Managed Switches

VDE-2023-037
Last update
21.11.2023 08:00
Published at
21.11.2023 08:00
Vendor(s)
WAGO GmbH & Co. KG
External ID
VDE-2023-037

Summary

Affected products are vulnerable to remote code execution: an attacker can inject operating system commands through the web-based management interface.

Impact

An unprivileged attacker can fully compromise the system and access all files.

Affected Product(s)

Model no.                          Product name               Affected versions
0852-1605, 0852-0603, 0852-0602    Industrial Managed Switch  Firmware < 1.0.6.S0, Firmware < 1.2.5.S0

Vulnerabilities

Published
22.09.2025 14:57
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full control of the device. The injected commands are executed with root privileges. The vulnerability is located in the handling of user requests in the web-based management.
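The weakness class named above (CWE-78) arises when a request parameter is spliced into a command string that a shell then parses. The following is an added illustration, not WAGO code and not derived from the affected firmware: it contrasts a hypothetical diagnostic handler that concatenates a `host` parameter into a shell command with a hardened form that allowlists the value and passes it as a discrete argv element, and it includes a small detector that flags request parameters carrying shell metacharacters, the kind of check a defender can run over web-management access logs. The regular expression, the parameter names and the sample query string are assumptions made for the example.

```python
"""CWE-78 (OS command injection) in a web-management style request handler.

Added illustration: hypothetical code, not the vendor's implementation.
"""
import re
import subprocess
import sys
from urllib.parse import parse_qsl

# Assumed allowlist policy for this example: a hostname or IPv4 literal made of
# letters, digits, dots and hyphens, bounded in length. Anything else is rejected.
_HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")

# Characters a POSIX shell treats specially; their presence in a request
# parameter that feeds a command is a strong detection signal.
_SHELL_META = set(";|&$`<>\n\r()")


def vulnerable_command_line(host: str) -> str:
    """The unsafe pattern: untrusted input concatenated into a command string.

    Returned as a string rather than executed, so the defect can be shown
    without running anything. If this string reached /bin/sh -c, every
    metacharacter in `host` would be interpreted by the shell.
    """
    return "ping -c 1 " + host


def validate_host(host: str) -> str:
    """Reject any value that does not match the allowlist pattern."""
    if not _HOST_RE.match(host):
        raise ValueError("rejected host parameter")
    return host


def is_accepted(host: str) -> bool:
    """Convenience wrapper: True when validate_host would accept the value."""
    try:
        validate_host(host)
    except ValueError:
        return False
    return True


def hardened_argv(host: str) -> list[str]:
    """Hardened form: allowlisted input, passed as its own argv element.

    With a list and no shell (shell=False is subprocess's default), the value
    is delivered to the program verbatim; nothing splits or interprets it.
    """
    return ["ping", "-c", "1", validate_host(host)]


def echo_via_argv(value: str) -> str:
    """Show that argv passing keeps the value literal even if it holds ';'.

    Runs the current interpreter (available wherever this script runs) so the
    demonstration is self-contained; the child simply prints argv[1].
    """
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout.rstrip("\n")


def suspicious_params(query_string: str) -> list[str]:
    """Detection helper: names of query parameters whose decoded value
    contains a shell metacharacter. Intended for scanning access-log
    request lines for the web-management interface."""
    flagged = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if any(ch in _SHELL_META for ch in value):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    # Constructed sample input: a host parameter carrying a trailing command.
    sample = "127.0.0.1; id"
    print("unsafe string a shell would parse:", vulnerable_command_line(sample))
    print("hardened handler accepts it:", is_accepted(sample))
    print("argv passing keeps it literal:", echo_via_argv(sample))
    # Constructed sample query string (URL-encoded ';' and '+' for space).
    print("flagged parameters:", suspicious_params("host=127.0.0.1%3B+id&count=1"))
```

The hardened handler fails closed: a value that does not match the allowlist is rejected before any process is started, and even an accepted value never reaches a shell. The detector is deliberately crude (a metacharacter in a parameter is not proof of exploitation, only a reason to look), which is the right trade-off for a first-pass triage of logs from a device exposed to an untrusted network.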

References

Mitigation

Restrict network access to the device.
Do not directly connect the device to the internet.

Remediation

WAGO recommends that all affected users of products 0852-0602 and 0852-0603 update to firmware version 1.0.6.S0, and that all affected users of 0852-1605 update to firmware version 1.2.5.S0.

Revision History

Version  Date              Summary
1        21.11.2023 08:00  Initial revision.